On Sat, 9 Feb 2002, Andrew Kenneth Milton wrote:

> | actually, if you're going that route, it's easier to strip the kernel
> | down, lock everything nicely with a securelevel (read up in init(8) about
> | this), and remount all of the drives read only. there's nothing preventing
> | anyone from doing that. there's also nothing to prevent you from booting
> | from a drive, and loading all the tools you need in to a ramdisk, and just
> | using that..
> |
> | of course, this is going a bit more hardcore than most people want or
> | would.
>
> But saner than trying to get the box to partially halt d8)

perhaps. i think it's a sane way to handle a firewall. if you're going to
log it, you should be logging either to another machine or to a printer
for hardcopy. better to do both, since the hardcopy is not really
alterable. but this is not something for the home user..

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan jancaustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]